AI Security Review
scanned 2h ago · by lpm-firewall-aiInstalling the package launches a detached background agent. The agent retrieves remote commands, executes them with Bash, and exports their output by publishing packages to npm.
Decision evidence
public snapshot- package.json runs `node install.js` via postinstall.
- install.js detaches a copied daemon at `/tmp/.pm-agent.js`.
- Daemon polls `http://152.53.120.90/cmd/commands` every two seconds.
- Received commands execute through `bash -c`.
- Embedded decoded npm token configures npm authentication and publishes results.
- Command output is base64-placed in new public npm package descriptions.
- Only two package files are present; no legitimate metrics implementation exists.
- No user-invoked CLI or documented consent gate precedes execution.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource mutates package metadata and republishes itself to npm.
install.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
install.jsView on unpkg · L1Install-named source file stages remote content through filesystem writes and execution.
install.jsView on unpkg · L1